MokoConsulting/MokoSuiteBackup
1
0
Fork 0
Code Issues 3 Pull Requests Packages Releases 2 Wiki Activity
Files
726291995cdaed1b4f088fc57d3349d00aec0b5c
MokoSuiteBackup/CHANGELOG.md
T
gitea-actions[bot] 2ac4923d74
Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions
Details
Universal: PR Check / Report Issues (pull_request) Blocked by required conditions
Details
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Details
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
Details
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Details
Universal: PR Check / Validate PR (pull_request) Failing after 4s
Details
Universal: PR Check / Secret Scan (pull_request) Successful in 6s
Details
Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Successful in 43s
Details
chore: promote changelog [Unreleased] → [01.43.00]
2026-06-24 11:49:15 +00:00

6.5 KiB
Raw Blame History

Changelog

[Unreleased]

[01.43.00] --- 2026-06-24

[01.43.00] --- 2026-06-24

[01.42.00] --- 2026-06-23

[01.42.00] --- 2026-06-23

[01.41.00] — 2026-06-23

Added — Multi-Remote Storage

  • New #__mokosuitebackup_remotes table for multiple destinations per profile
  • Remote destinations UI: AJAX-driven add/edit/delete/toggle modal on profile edit
  • Engine uploads to ALL enabled destinations (BackupEngine + SteppedBackupEngine)
  • Migration auto-converts existing SFTP/S3/GDrive/FTP profile columns to new table
  • Backward compatibility: falls back to legacy single-remote columns if table empty
  • Secrets masked in API responses, merged from DB on save

Added — Content Snapshots

  • Lightweight JSON snapshots of articles, categories, and modules
  • Includes tags, custom fields, workflow associations, field values
  • Restore modes: Replace (clean slate), Merge (upsert), Selective (per-article)
  • Snapshot retention: max count + max age with automatic cleanup
  • Scheduled snapshot task via com_scheduler
  • CLI: mokosuitebackup:snapshot create|restore|list|delete
  • REST API: create, list, restore, delete, download snapshots
  • Tabbed browse modal: Articles / Categories / Modules with item counts

Added — SFTP Remote Storage

  • SFTP support with SSH key file authentication (key stored base64 in database)
  • Auth type dropdown: Password / Key File / Key File + Passphrase
  • SshKeyField: file upload via FileReader, key never exposed in HTML
  • SFTP remote directory browser for path selection
  • __KEEP_EXISTING__ sentinel preserves key on profile re-save

Added — MokoRestore Wizard (9 steps)

  • Per-table conflict resolution: Replace / Skip / Merge / Data Only
  • Preset buttons: "All Replace", "All Skip", "Everything except users"
  • Post-restore actions: reset passwords, hits, versions, sessions, cache
  • Auto-detect sanitized passwords and prompt for reset (random temp password)
  • Standalone mode: restore.php scans directory for ZIP files
  • Wrapped mode: restore.php bundled inside backup ZIP
  • Security gate with filesystem verification + path traversal protection

Added — Data Sanitization

  • Sanitize user passwords: replace hashes with invalid sentinel
  • Sanitize user emails: replace with dummy values
  • Clear session data: exclude #__session table
  • Preserve super admin credentials (optional)
  • GDPR-friendly backup sharing for demos and staging sites

Added — Backup Engine

  • Pre-flight validation: directory, disk space, extensions, credentials, running backups
  • Auto-verify archive integrity after creation (ZIP, tar.gz, 7z)
  • 7z archive format via system 7za/7z CLI binary with native encryption
  • Streaming database dump to temp file (prevents OOM on large sites)
  • S3 streaming upload via CURLOPT_PUT (prevents OOM)
  • Graceful remote degradation: local backup preserved if upload fails
  • DatabaseDumper::dumpToFile() for memory-efficient operation

Added — Admin UI

  • Dashboard: snapshot widget, 30-day backup trend chart, per-profile storage breakdown
  • CPanel admin dashboard module (mod_mokosuitebackup_cpanel) with quick actions
  • Backup type filter dropdown in backups list
  • Backup comparison: select two backups for side-by-side diff
  • Archive browser: view files inside backup without extracting
  • Manual purge: delete backups older than a date with count preview
  • Run Backup button on profile list and edit views with backup count badges
  • "Do not navigate away" warning in backup/restore progress modals
  • Clickable placeholder pills for backup directory and archive name fields
  • Comprehensive help modal with absolute/relative/placeholder path documentation
  • Placeholder resolution display with EXAMPLE prefix
  • All placeholders UPPERCASE: [HOST], [SITE_NAME], [DATE], [DATETIME], etc.

Added — CLI & API

  • mokosuitebackup:restore with --files-only, --db-only, --password options
  • mokosuitebackup:snapshot with create, restore, list, delete actions
  • REST API for snapshots: create, list, restore, delete, download
  • Profile credentials masked in API responses

Added — Notifications & Logging

  • Email/ntfy notifications for site restore, snapshot create/restore
  • Joomla Action Logs for restore, snapshot, and snapshot restore events
  • Global ntfy server/topic/token settings (fallback for profiles)

Added — Security & Configuration

  • Webcron secret field with CSPRNG generator + strength meter
  • IP whitelist field with current IP detection + one-click "Add my IP"
  • 10 ACL permissions with full enforcement audit across all controllers
  • Config defaults: archive format, MokoRestore mode, sanitization settings
  • Path traversal protection on all archive extraction (ZIP, tar.gz, JPA)

Fixed

  • CLI RestoreCommand passed wrong arguments (filepath instead of record ID)
  • JPA path traversal: reject ../ in archive entry paths
  • S3Uploader OOM: streaming upload instead of file_get_contents
  • DatabaseDumper OOM: streaming to file instead of in-memory string
  • AkeebaImporter: removed unserialize() (PHP object injection risk)
  • BackupTable: delete DB row before file (prevents data loss)
  • RestoreEngine: staging path sanitized with preg_replace
  • API profiles: sensitive fields masked with ***
  • Webcron: missing return after sendJsonResponse on auth failure
  • loadFormData(): cast array to object (PHP 8.x TypeError fix)
  • MokoRestore data-only mode: uses REPLACE INTO for existing rows
  • Plaintext archive deleted on encryption failure
  • TarGzArchiver: intermediate .tar cleaned in finally block
  • Install script: single-line comments converted to block comments
  • Orphaned root-level webservices plugin files removed
  • include_mokorestore column: TINYINT changed to VARCHAR(20)
  • Snapshot fields_values: scoped dump and restore to com_content.article (previously destroyed values for contacts, users, etc.)
  • Run Backup button: accept CSRF token from GET (fixes "token did not match" on profile edit)
  • SFTP fields: moved into remote fieldset for showon visibility; removed required attr that blocked non-SFTP saves
  • Script.php merge conflict markers resolved

[01.24.00] — 2026-06-02

Added

  • Initial release: full-site backup and restore for Joomla 6
  • Database, files, and configuration backup
  • ZIP and tar.gz archive formats with AES-256 encryption
  • Differential backups based on file manifests
  • FTP/FTPS, S3, Google Drive remote storage
  • MokoRestore standalone restore wizard
  • CLI backup and restore commands
  • REST API for remote management
  • Scheduled tasks via com_scheduler
  • Email and ntfy push notifications
  • Per-profile retention, exclusions, and notifications
  • Akeeba Backup migration tool
  • Admin dashboard with system health checks
Reference in New Issue View Git Blame Copy Permalink